Author: Admin

August 22, 2024Ravi LakshmananNetwork Security / Zero-Day Details have emerged of the China-nexus threat group using a recently disclosed, now patched, security flaw in Cisco switches as a zero-day to seize control of the device and evade detection. Activity attributed to the Velvet Ant was seen earlier this year and involved weapons CVE-2024-20399 (CVSS Score: 6.0) to deliver custom malware and gain extensive control over the compromised system, facilitating both data theft and permanent access. “The zero-day exploit allows an attacker with valid administrator credentials for the switch management console to bypass the NX-OS command-line interface (CLI) and execute arbitrary…


August 22, 2024Ravi LakshmananCloud Security / Application Security More than 15,000 applications that use the Amazon Web Services (AWS) Application Load Balancer (ALB) for authentication are potentially susceptible to configuration issues that could expose them to access control bypass and compromise applications. That’s it findings from Israeli cybersecurity company Miggo, which identified the problem ALBeast. “This vulnerability allows attackers to gain direct access to compromised programs, especially if they are exposed to Internet access,” security researcher Liad Eliyahu said. ALB is an Amazon service designed to route HTTP and HTTPS traffic to target applications based on the nature of requests.…


August 22, 2024Ravi LakshmananEnterprise Software / Vulnerability GitHub has released patches to address a set of three security flaws affecting its Enterprise Server product, including one critical bug that can be exploited to gain site administrator privileges. The most serious of the flaws was assigned a CVE ID of CVE-2024-6800 and a CVSS score of 9.5. “On GitHub Enterprise Server instances that use SAML Single Sign-On (SSO) authentication with specific identities that use publicly signed XML merge metadata, an attacker could forge a SAML response to provide and/or gain access to an administrative user account site,” GitHub said in the…


August 22, 2024Ravi LakshmananWebsite Security / Vulnerability Cybersecurity researchers have discovered a critical security flaw in the LiteSpeed ​​cache a plugin for WordPress that can allow unauthenticated users to gain admin rights. “The plugin suffers from unauthenticated privilege escalation, which allows any unauthenticated visitor to gain administrator-level access, allowing malicious plugins to be downloaded and installed,” Patchstack’s Rafi Muhammad. said in Wednesday’s report. The vulnerability, identified as CVE-2024-28000 (CVSS score: 9.8), was fixed in version 6.4 of the plugin, released on August 13, 2024. It affects all versions of the plugin, including those earlier than 6.3.0.1. LiteSpeed ​​​​Cache is one…


August 22, 2024Ravi LakshmananBrowser Security / Vulnerability Google has released security patches to address a serious security flaw in its Chrome browser that it says is being actively exploited in the wild. Tracked as CVE-2024-7971The vulnerability was described as a type confusion bug in the V8 JavaScript engine and WebAssembly. “Type confusion in Google Chrome V8 prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page,” the report said. description about the bug in the NIST National Vulnerability Database (NVD). The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) were…


August 22, 2024Ravi LakshmananDatabase Security / Cryptocurrency Cybersecurity researchers have unpacked a new variant of the malware called PG_MEM, designed to mine cryptocurrency after crudely infiltrating PostgreSQL database instances. “Brute force attacks on Postgres involve repeated attempts to guess database credentials until access is granted, using weak passwords,” – Assaf Morag, Aqua Security Researcher said in the technical report. “Once accessed, attackers can use COPY … FROM SQL PROGRAM command to execute arbitrary shell commands on a host, allowing them to perform malicious actions such as stealing data or deploying malware.” The attack chain observed by the cloud security firm…


August 21, 2024Ravi LakshmananCyber ​​espionage / malware A new remote access trojan has been invoked MoonPeak was found to be used by North Korea’s state-sponsored threat cluster as part of a new campaign. Cisco Talos attributes the malicious cyber campaign to a hacking group it is tracking as UAT-5394, which it says shows some level of tactical overlap with a known nation-state actor codenamed Kimsuki. MoonPeak, which is actively being developed by the threat, is an open source variant Xeno RAT malware that was previously deployed as part of phishing attacks that are designed to obtain payloads from actor-controlled cloud…


August 21, 2024Ravi LakshmananSoftware Security / Vulnerability Cybersecurity researchers have discovered a critical security flaw affecting Microsoft’s Copilot Studio that could be exploited to access sensitive information. Tracked as CVE-2024-38206 (CVSS Score: 8.5), the vulnerability was described as a disclosure bug that results from server-side request forgery (USSR) attack. “An authenticated attacker could bypass server-side request forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network,” Microsoft. said in a recommendation published on August 6, 2024. The tech giant went on to say that the vulnerability has been fixed and does not require any action from…


August 21, 2024Ravi LakshmananMalware / cryptocurrency Cybersecurity researchers have discovered a new type of macOS malware called TodoSwift that they say shares common features with known malware used by North Korean hacking groups. “This app has some behavior associated with malware we’ve seen originating from North Korea (DPRK) — specifically a threat known as BlueNoroff — such as CANDY CORN and RustBucket”, Kandi security researcher Christopher Lopez said in the analysis. RustBucket, which first appeared in July 2023, refers to an AppleScript-based backdoor capable of receiving next-stage payloads from a Command and Control (C2) server. Late last year, Elastic Security…


August 21, 2024Ravi LakshmananCyber ​​espionage / threat intelligence In an operational security (OPSEC) breach, the operator behind a new information stealer called Styx Stealer leaked data from his own computer, including customer details, earnings information, nicknames, phone numbers and email addresses. Styx Stealer, derived from Thief of phemedroneis capable of stealing browser data, Telegram and Discord instant messaging sessions, and cryptocurrency wallet information, according to an analysis by cybersecurity firm Check Point. It first appeared in April 2024. “Styx Stealer is likely based on the source code of an older version of Phemedrone Stealer, which lacks some features that newer…
